Closed blattm closed 2 years ago
In some cases, the file size of dumps might increase drastically. This is probably caused by segments being connected, which should be separate.
The issue of large dumps should now be resolved. Dump tasks are now split at large reserved segments.
The threshold has to be set in config.py
. To correctly dump .NET executables, it should be set to at least 0x1000. By setting it to None, splitting is disabled.
everything confirmed, works awesomely, thanks a lot!
This fix to the
DumpPersister
will pad segments with nullbytes ifdumped_size < size
.Without this fix, especially dumps of .NET payloads will miss several chunks of 0x1000 nullbytes, corrupting the dump.